International Telecommunication Union (ITU)
   
 ITU-T Workshop on "New challenges for Telecommunication Security Standardizations"
 Geneva, 9 (PM) - 10 February 2009 Contact: tsbworkshops@itu.int 

Abstracts
Day 1, 09 February 2009 
1430 - 1445 Opening remarks:
Reinhard Scholl, Deputy to the Director, Telecommunication Standardization Bureau (ITU-T)
Alexander Ntoko, Head, Corporate Strategy Division, SPM Dept., ITU
Arkadiy Kremer, Chairman, ITU-T SG 17
1445 - 1600 Session 1: Networks, users, services and information as protected objects

Chairman: William McCrum, (Industry Canada)
Vladimir Belenkovich, (AGC): From public networks to public services

The paradigm shift in the telecom world, which was initially seen mainly as the transition from circuit switching to packet switching, from TDM to VoIP, happened to be an even more fundamental change of mindset for network and service designers and providers. The architecture of the underpinning network fabric is rapidly changing along with the new network technologies, but much faster the service architecture and business architecture are moving to the focus of the public services area stakeholders. The carriers’ networks do not yet provide full support and coverage for the new services already successfully tested and deployed in the public Internet space. Now, to be part of the Big Game coming, Network Providers form their request for the new inter-networking architecture, streamlined for the value networks support, to retain their customers. The governments, both as service providers and as regulators, have their own view of the new merging world of services.
David Goodman, (EEMA): New business-models for network operators
Ted Humphreys, (ISO): Information Security Management and Business
1600 - 1630 Coffee break
1630 - 1800 Session 2: ITU information security initiatives

Chairman: Mohamed M.K. Elhaj, (Vice-Chair, ITU-T SG 17)
Patrick Mwesigwa, (Vice-Chair, ITU-T SG 17): Business use of security standards
Ostap Monkewich, (Consultant, Industry Canada): Providing testability for ITU Recommendations

The presentation looks at Recommendations from the point of view of conformance and interoperability testing of products that implement ITU-T Recommendations. It addresses why we need to test, the kinds of testing that are relevant, the expected quality of test results and what companion Recommendations are needed for each base Recommendation we develop. It points to the existing Recommendations that prescribe these additional requirements and the means for developing higher-quality Recommendations.
Antonio Guimaraes, (Vice-Chair, ITU-T SG 17): International collaboration for national public networks security

An overview of WTSA-08 Resolutions related to telecommunication security, followed by a more detailed analysis of a recommended security baseline for national public networks operators. These proposals cover aspects of operators’ policy, technical tools and collaboration baseline. Finally, the ITU’s role in organizing and coordinating the International collaboration for national public networks security is discussed.
1800 - 2000 Welcome reception
 
Day 2, 10 February 2009 
0930 - 1100 Session 3: Cybersecurity

Chairman: Koji Nakao, (Vice-Chair, ITU-T SG 17)
James Ennis, (US Government): Best practices for organizing national cybersecurity efforts

IP-based networks are today a critical part of national economic infrastructures. One way that IP-based networks add value to a national economy is by facilitating commercial activities in all other national economic sectors.

Today, these IP-based networks are under attack. Weaknesses in IP-based networks are being exploited. The effectiveness of these activities undermines confidence in IP-based networks and prevents them from maximizing the value they can add to national economies. Billions of dollars are being lost annually as a result.

Because the Internet and other IP-based networks are global, the problem is also global. That is to say, instituting good cybersecurity practices in one country has a limited effect as long as other countries do not also institute good cybersecurity practices. Therefore, it is in the interest of all countries to work together to achieve global cybersecurity.

The ITU is addressing this problem in a number of ways. One way is to reach out to the developing world to assist developing countries to develop national cybersecurity programs based on best practices. One high level effort in this regard is found in the work of Question 22 of Study Group 1 of the ITU Development Sector. Q22 is developing a report on national best cybersecurity practices.

The report has identified five key components to a good national cybersecurity plan: (1) a national strategy; (2) a strong partnership between government and industry; (3) a sound legal foundation that addresses cyberattacks; (4) a national watch, warning, and incident response program; and (5) development of a "culture of cybersecurity awareness" among a nation's enterprises and individual users of IP-based networks.

The report also contains annexes that discuss spam and identity management and an extensive list of references and links to places where additional information on these topics can be found.

Q22 will complete its report in September, 2009. All interested parties are invited to participate in the next meeting of Q22, April 6-7 in Geneva.
Mikhail Kader, (Cisco): IP NGN Security Framework

The primary challenge faced by today’s service providers is maintaining service predictability in the presence of an outbreak of malicious traffic sourced from multiple endpoints spread across multiple network boundaries. In today’s terms, this type of behavior has been identified with threats such as distributed-denial-of-service (DDoS) attacks, turbo worms, e-mail spam, phishing, and viruses. The amount of traffic generated by infections and subsequent outbreaks can disrupt the normal operation of a modern network. Security has become a critical characteristic of all services and is essential to the profit line of service providers. This presentation will discuss how to maintain heightened network security, transition from the traditional reactive stance to an incrementally proactive stance by reducing windows of vulnerability, improving reaction times, and effectively mitigating attacks.
Magnus Kalkuhl, (Virus Analyst, Global Research and Analysis Team Kaspersky Labs GmbH): Fighting cybercrime in 2009

Modern malware does more than just infect a couple of files for the fun of its author - nowadays, malware is written for profit. Magnus Kalkuhl will show how this illegal business works and what can be done in order to protect the internet and its users.
1100 - 1130 Coffee break
1130 - 1300 Session 4: Secured applications

Chairman: Heung Youl Youm, (Vice-Chair, ITU-T SG 17)
Igor Milashevskiy, (INTERVALE): Secure Mobile Banking as Telecommunication Operator Service

Solutions in which a mobile terminal acts as a payment or banking terminal, and the mobile network as a secure transaction exchange environment, are an important area of remote mobile payments. The implementation of such solutions leads to an effective extension of a banking infrastructure to all mobile terminals, which enables quicker adoption of banking services and makes the financial environment potentially less conducive to fraudulent and disruptive activities.

A critical element needed to establish such a mobile payment system is a robust interface between the banking system and mobile telecommunications networks, which will provide a binding and secure link between a person's identity and a mobile subscriber identity.

The existing infrastructure of secure key storage and cryptographic calculation provided by the Subscriber Identity Module (SIM) / Universal Subscriber Identity Module (USIM) / Removable User Identity Module (RUIM) used in today’s mobile networks, on one side, and standard cryptographic Hardware Security Modules (HSM) used in modern banking systems, on the other side, can enable identity authentication within such solutions, combining security, reliability and non-repudiation.
Michel Riguidel, (Telecom ParisTech, France): Future Internet Security

The current Internet was unable to adapt either to mobility, or to modern security. The Internet of the future will be polymorphous, created on the basis of different infrastructures. It is necessary to incorporate the split, the dynamic and evolving nature of digital systems. Our current information technology paradigms are in the process of being dissolved. The dichotomies between computer and networks, between hardware and software, between applications and services, between the logical and the virtual, between software and information, are in the process of being blurred or, more precisely, the terms of the caesura are radically changing meaning. The road map for the network architecture is following the same itinerary as the history of computer languages, with a complexification of the abstract structure typing. In international information technology research [www.inco-trust.eu], it is necessary to regain an intercontinental way of thinking. The world’s thoughts are undoubtedly localised: it is therefore necessary to consider the difference, the models of other-ness.
J.S. Lee, (ETRI, Korea): ITU-T Security Standardization on Mobile Web Services

The mobile industry is adopting Web Services technologies to the mobile domain since they can solve integration problems between operators, service providers, and content providers. Security is one of the important issues in the adoption of Web Services in the mobile environment, and this presentation provides a summary of standardization activities related to Mobile Web Services security in ITU-T SG17, focusing on X.1143 (X.websec-3). X.1143 describes the security architecture and security service scenarios for message security in mobile Web Services. This presentation also briefly introduces X.websec-4, which is in the early stage of standardization in ITU-T SG17. X.websec-4 describes security threats and security requirements of the enhanced Web based Telecommunication Services.
1300 - 1430 Lunch break
1430 - 1600 Session 5: SDOs’ security standardization, implementation and evaluation strategy

Chairman: Herb Bertine, (former Chairman, ITU-T SG 17)
Walter Fumy, (ISO/IEC JTC 1/SC 27): ISO/IEC JTC 1/SC 27 - IT Security Techniques

ISO Committee SC 27 is a primary resource of International Standards on application-independent IT security techniques. The group has developed many specifications and guidelines already in use by commerce, industry and government. Major achievements range from cryptographic techniques to security management guidelines and security evaluation.

By continuously enhancing its work program and taking on board the latest in business practice (such as privacy technology and identity management), new and emerging threats and risks, as well as advances in technology, SC 27 is well positioned to shape the future of IT security.
Arkadiy Kremer, (Chairman, ITU-T SG 17): ITU-T Security Standardization

The presentation provides an overview of key security standardization activities in the ITU-T SG 17. The important initiatives and results of the ITU-T SG 17 in the area will be announced. The presentation will explain the mission and advantages of the ITU in ICT security standardization as the only global intergovernmental and industry collaborative technical organization. Collaboration with the other SDOs will be presented as a key for the work on security standards to improve the timeliness and effectiveness and avoid duplication of effort.
Carmine Rizzo, (ETSI): ETSI Security Standardization

The increasing complexity and rapid development of new systems and networks, the sophistication of changing threats, and the presence of intrinsic vulnerabilities present demanding challenges for the Information society in its efforts to secure Information and Communications Technology (ICT) systems and networks against the threats and related risks to which they are subject. To minimise exposure to risks, Security must be built in from the beginning when designing new architectures, and not added on at a later stage as an optional feature.

In such a challenging scenario, Information Security Standards are essential to ensure interoperability among systems and networks, compliance with legislation and adequate levels of security, thus creating a more secure and profitable environment for the industrial sector from SME to large global companies, as well as benefits for governmental organisations, research bodies and universities.

ETSI (European Telecommunications Standards Institute) is an independent, non-profit organization, whose mission is to produce telecommunications standards. ETSI has over 20 years of experience in global standardization efforts in various telecommunications areas, with strong focus on Security matters.

Within various Technical Bodies and Working Groups, ETSI's standardization activities cover a broad spectrum of security issues, including Next Generation Networks (NGNs), Electronic Signatures and Infrastructures, Smart Cards, Lawful Interception and Data Retention, RFID, GSM on aircraft, Emergency and Public Safety Communications. In order to co-ordinate and promote standardization activities related to security issues across the various Technical Bodies, ETSI has an Operational Co-ordination Group on Security (OCG Sec). The proposed presentation will provide an overview of all such activities.
1600 - 1630 Coffee break
1630 - 1745 Session 6: Identification services

Chairman: Jianyong Chen, (Vice-Chair, ITU-T SG 17)
Tony Rutkowski, (VeriSign): Identity Management

Identity Management is the foundation and core for all telecommunication/ICT security. The explosively expanding and vast array of "network nomadic" individuals, providers, and objects has challenged our ability to effectively manage their identities and trust anchors. This presentation describes these Identity Management challenges and the current global ecosystem of related work and activities, including a set of unique and critically important initiatives underway in the ITU-T designed to address those challenges. The presentation concludes with a global vision of Identity Management capabilities for 2009 and beyond that promise substantial enhancements for telecommunication/ICT security.
Erik Andersen, (Rapporteur, ITU-T SG 17): Identification Services as provided by directories (X.500 incl. X.509)

Identification services are essential within several IT-security areas. Secure identification is required for protecting information against misuse, malicious modification and destruction, and for preventing spiteful and unwanted use of services. The X.500 Directory specification provides means for storing identification information and it specifies elaborate mechanisms for protecting such information. In addition, X.509 provides specification for secure authentication and authorisation also to be used outside the strict areas of directory. X.509 also provides specifications for how to establish the necessary infrastructure for providing secure authentication and authorization.
Sang Rae Cho, (ETRI, Korea): Trend in User-Centric Identity Management Technology

This presentation will provide a brief summary of how IdM technology has evolved and why current IdM technologies have focused on three different aspects: user-centric, network-centric and application-centric. The presentation will also explain the current standardization effort in ITU-T and other Standardization Development Organizations. At the end, a brief idea and concept of the Digital Identity Wallet will be explored to demonstrate state-of-the-art IdM technology.
1745 - 1815 Closing Remarks
Reinhard Scholl, Deputy to the Director, Telecommunication Standardization Bureau (ITU-T)
Alexander Ntoko, Head, Corporate Strategy Division, SPM Dept., ITU
Arkadiy Kremer, Chairman, ITU-T SG 17


 

Updated : 2009-02-05